Clerk Changelog

Our pre-built UI components are a phenomenal way to integrate Clerk's authentication and user management features into your applications, but we know that many of you are looking for even more customization. That has usually meant dropping down to our hooks to create custom flows. Clerk's hooks offer a ton of flexibility and control for creating flows exactly as you want, but we think we can make it easier for you to focus on building your UI while letting us handle the underlying logic.

This is why we're excited to introduce Clerk Elements (Beta). Clerk Elements is a collection of composable components for creating completely custom authentication and user management UIs on top of Clerk's APIs and business logic. We think the component is a great abstraction, and so we're taking it a step further and exposing an unstyled set of components that you can use to build your authentication UIs to completely match your brand and existing design system.

Clerk Elements is launching in beta today, with support for building fully custom sign-up and sign-in flows inside Next.js. Along with the release, we're also sharing documentation and examples to get you started with Clerk Elements.

Build with Clerk Elements

They say a picture is worth a thousand words (and a component is worth 1,000 APIs), so let's dive right in. Below are examples of unstyled sign-up and sign-in flows built with Clerk Elements. These snippets support authenticating with Google auth, or email and email code.

Build your sign-up

'use client'

import * as Clerk from '@clerk/elements/common'
import * as SignUp from '@clerk/elements/sign-up'

export default function SignUpPage() {
  return (
    <SignUp.Root>
      <SignUp.Step name="start">
        <h1>Create your account</h1>
        <p>Welcome! Fill in the fields below to get started.</p>
        <Clerk.GlobalError />

	      <Clerk.Connection name="google">
	        <Clerk.Icon name="google" /> Sign up with Google
	      </Clerk.Connection>

        <div>or</div>

        <Clerk.Field name="identifier">
          <Clerk.Label>Email address</Clerk.Label>
          <Clerk.Input />
          <Clerk.FieldError />
        </Clerk.Field>

        <SignUp.Action submit>Continue</SignUp.Action>
      </SignUp.Step>
      <SignUp.Step name="continue">
        <h1>We need a few more details.</h1>
        <Clerk.GlobalError />

        <Clerk.Field name="firstName">
          <Clerk.Label>First name</Clerk.Label>
          <Clerk.Input />
          <Clerk.FieldError />
        </Clerk.Field>

        <Clerk.Field name="lastName">
          <Clerk.Label>Last name</Clerk.Label>
          <Clerk.Input />
          <Clerk.FieldError />
        </Clerk.Field>

        <SignUp.Action submit>Continue</SignUp.Action>
      </SignUp.Step>
      <SignUp.Step name="verifications">
        <Clerk.GlobalError />

	      <SignUp.Strategy name="email_code">
          <h1>Check your email</h1>
          <p>We've sent a code to your email.</p>
	        <Clerk.Field name="code">
	          <Clerk.Label>Email code</Clerk.Label>
	          <Clerk.Input />
	          <Clerk.FieldError />
	        </Clerk.Field>
	        <SignUp.Action submit>Continue</SignUp.Action>
	      </SignUp.Strategy>
      </SignUp.Step>
    </SignUp.Root>
  )
}

Build your sign-in

'use client'

import * as Clerk from '@clerk/elements/common'
import * as SignIn from '@clerk/elements/sign-in'

export default function SignInPage() {
  return (
    <SignIn.Root>
      <SignIn.Step name="start">
        <h1>Sign in to Clover</h1>
        <p>Welcome back! Please sign in to continue.</p>

        <Clerk.GlobalError />

	      <Clerk.Connection name="google">
	        <Clerk.Icon name="google" /> Sign in with Google
	      </Clerk.Connection>

        <div>or</div>

        <Clerk.Field name="identifier">
          <Clerk.Label>Email address</Clerk.Label>
          <Clerk.Input />
          <Clerk.FieldError />
        </Clerk.Field>

        <SignIn.Action submit>Continue</SignIn.Action>
      </SignIn.Step>
      <SignIn.Step name="verifications">
        <Clerk.GlobalError />

	      <SignIn.Strategy name="email_code">
          <h1>Check your email</h1>
          <p>We've sent a code to <SignIn.SafeIdentifier />.</p>
	        <Clerk.Field name="code">
	          <Clerk.Label>Email code</Clerk.Label>
	          <Clerk.Input />
	          <Clerk.FieldError />
	        </Clerk.Field>
	        <SignIn.Action submit>Continue</SignIn.Action>
	      </SignIn.Strategy>
      </SignIn.Step>
    </SignIn.Root>
  )
}

Customize Elements

As you can see from the above snippets, Clerk Elements gives you complete control over the markup rendered in your authentication flows, and everything is unstyled. We want to make it easy for you to integrate with your existing styling approach. To that end, any markup that is rendered can accept a className prop. Bring on those Tailwind classes!

<SignIn.Action
  submit
  className="px-4 py-2 bg-purple-500 text-white shadow-sm"
>
  Continue
</SignIn.Action>

Clerk Elements also support the asChild prop, popularized by component libraries like Radix. Bring your existing component library and it'll take care of the rest.

<SignUp.Action submit asChild>
  <CloverButton>Continue</CloverButton>
</SignUp.Action>

For more information on the available components and how to get started building fully custom flows with Clerk Elements, check out the Clerk Elements documentation.

Building towards GA

While we're not marking Elements as stable quite yet, we're currently dogfooding it internally by building our existing pre-built components with Elements. As we do this, we expect to continue to make refinements to the component APIs to make sure we support even the most complex use cases.

Once our pre-built components are built on Elements and it supports all major React frameworks (not only Next.js), we'll be ready to mark Elements as stable and fully ready for production.

Your feedback is critical during this beta period to making sure Clerk Elements is the best it can be. If you have questions or want to talk to other users who are testing out the Clerk Elements beta, join the Clerk Community on Discord.

We're already having fun internally dreaming up new authentication UIs made possible with Clerk Elements, and we can't wait to see what you build!

Securing your application is one of our top priorities here at Clerk. To that end, we incorporate several protections against automated bot traffic, implemented in our Web Application Firewall running at edge.

These safeguards, while effective against malicious bots, have historically interfered with end-to-end test suites. If you ever encountered a "Bot traffic detected" error in your tests, it's those protections in action.

Today we are releasing Testing Tokens - a feature that allows testing suites to run uninhibited by such security measures.

For usage instructions and Playwright integration, visit the Testing Tokens docs and the Playwright guide. Additionally, we will be working on an integration for Cypress in the future.

Testing Tokens are currently available in development instances, but may be expanded to production instances in the future.

For further info, feedback or issues, refer to the docs and the @clerk/testing package.

Forget remembering passwords! Based on the WebAuthn specification, passkeys are a new method to log in securely using your fingerprint, face scan, PIN, or pattern. This passwordless flow results in a more secure and easy-to-use sign-in flow for your users.

If you want to know more about passkeys in general, head to our blog and read our article: What are passkeys and how do they work?

Today we're thrilled to announce that passkeys are now in beta for all applications within Clerk.

Using passkeys with Clerk

Please take note that at the moment, enabling passkeys is only available for applications that are using "Core 2" version of the SDK which, for example, if you're using @clerk/next-js the package version should be >= 5.0.x.

During the beta, we recommend using the latest release of our SDKs to test out passkeys.

If you're using our <SignIn /> UI Component, you can enable passkeys for your users by activating Passkeys as an Authentication strategy in the Clerk Dashboard.

The easiest way to allow your users to create and manage their passkeys is to use the prebuilt <UserProfile /> component, which includes passkey management in the Security tab.

Beyond the all-in-one components, we provide handy helpers like createPasskey() and authenticateWithPasskey() for building your own flows. Learn more about rebuilding passkey authentication from scratch in our Custom Flows doc.

More about the Beta

While in Beta, enabling passkeys is free for all applications to use. We'd love for you to give it a try, and we'll be collecting all of your feedback along the way. If you have any feedback, please reach out at beta-passkeys@clerk.dev.

After a little over a month in Beta, we're making our latest major release Generally Available. Core 2 represents a massive overhaul to the way Clerk works under the hood and ships with a bunch of goodies for you and your users. Going forward, whenever you install one of our Clerk packages, you'll be able to take full advantage of the latest Core 2 features.

We want to thank everyone who participated in the beta and helped us get to this point 💜.

Head to our Core 2 Upgrade Guides or try one of our Quickstarts to get started with Core 2 today!

Until recently, the Bot Protection feature was entirely invisible to end-users. While effective in most cases, occasionally real users were being wrongly identified as bots (aka. false positives) and were therefore blocked from signing up to the application, without having a way to rectify the error. To overcome this issue, users would have to reach out via support channels for remediation.

Clerk now expands the functionality of Bot Protection by offering more control over the widget, allowing your end-users to overcome such situations on their own. There are now two Bot Protection widget types:

1. Invisible: Render an invisible challenge if bot traffic is suspected. (This is what we had until now.)
2. Smart: Render an interactive challenge if bot traffic is suspected. Suspected users will have to click to the widget in order to prove they're not a bot.

For instances that had previously enabled Bot Protection, your settings are automatically set to Invisible as this was the previous default. In the near future, all new instances will default to Smart.

To configure your Bot Protection settings, head to the Attack Protection section of Clerk Dashboard and read more about Bot Protection.

SAML Enterprise Connections are now Generally Available

You may have heard this was coming when we shared our notice in February that SAML Enterprise Connections were exiting Beta. Well... today is the day. Thank you to all of the customers who participated in the Beta and helped harden this functionality 🎉.

But like Steve Jobs often said, there's one more thing...

IdP Initiated SSO is here

Along with the GA, we're also releasing IdP-initiated SSO. This means your customers can now use their IdP of choice (Google Workspace, Microsoft AD, Okta, etc) to initiate sign ins, instead of having to start at your app's Sign In views.

While this can be a major quality of life upgrade for your users who already use their IdP's for their other applications, it's important to weigh the risks of IdP-intiated SSO for your application.

If you think your users would be interested in this, have a peek at our IdP-initiated flow docs.

A few more things...

Apologies. I said one more thing but I guess I meant, a few more things. I got caught up in the moment 🙇.

In addition to the GA and the IdP-initiated feature release, we also made some quality-of-life improvements to the Dashboard when configuring Enterprise Connections. The new updates make it less error prone and more intuitive to provision the different providers, and improve the overall developer experience.

Alongside the GA we also released a few specific tutorials that cover setting up SAML Enterprise Connections for Azure, Google Workspace, and Okta.

If you haven't taken a look at Enterprise Connections in a bit, we encourage you to take another look!